Date:      Thu, 5 Sep 2019 16:51:04 +0000 (UTC)
From:      Kurt Jaeger <pi@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r511195 - in head/dns/powerdns: . files
Message-ID:  <201909051651.x85Gp4aM088542@repo.freebsd.org>

Author: pi
Date: Thu Sep  5 16:51:04 2019
New Revision: 511195
URL: https://svnweb.freebsd.org/changeset/ports/511195

Log:
  dns/powerdns: upgrade 4.1.14 -> 4.2.0
  
  - Please note: to fix CVE-2019-10203, upgrading is not enough.
    The schema change must also be applied manually:
    ALTER TABLE domains ALTER notified_serial TYPE bigint
    USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;
  
  PR:		239850
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer)
  MFH:		2019Q3
  Relnotes:	https://doc.powerdns.com/authoritative/changelog/4.2.html
  		http://blog.powerdns.com/2019/08/29/powerdns-authoritative-server-4-2-0/
  Security:	CVE-2019-10203

Added:
  head/dns/powerdns/files/patch-pdns_dns__random.cc   (contents, props changed)
  head/dns/powerdns/pkg-install   (contents, props changed)
Modified:
  head/dns/powerdns/Makefile
  head/dns/powerdns/distinfo
  head/dns/powerdns/files/pdns.in
  head/dns/powerdns/files/pkg-message.in
  head/dns/powerdns/pkg-plist

Modified: head/dns/powerdns/Makefile
==============================================================================
--- head/dns/powerdns/Makefile	Thu Sep  5 16:15:10 2019	(r511194)
+++ head/dns/powerdns/Makefile	Thu Sep  5 16:51:04 2019	(r511195)
@@ -1,10 +1,9 @@
 # $FreeBSD$
 
 PORTNAME=	powerdns
-DISTVERSION=	4.1.10
-PORTREVISION=	4
+DISTVERSION=	4.2.0
 CATEGORIES=	dns ipv6
-MASTER_SITES=	http://downloads.powerdns.com/releases/
+MASTER_SITES=	https://downloads.powerdns.com/releases/
 DISTNAME=	pdns-${DISTVERSION}
 
 MAINTAINER=	tremere@cainites.net
@@ -14,11 +13,11 @@ LICENSE=	GPLv2
 
 BROKEN_sparc64=		Does not compile: error: to_string is not a member of std
 
-LIB_DEPENDS=	libboost_serialization.so:devel/boost-libs
+LIB_DEPENDS=	libboost_serialization.so:devel/boost-libs \
+		libcurl.so:ftp/curl
 
 USES=		compiler:c++11-lib cpe gmake libtool localbase:ldflags pathfix \
 		pkgconfig ssl tar:bzip2
-
 USE_LDCONFIG=	YES
 USE_RC_SUBR=	pdns
 USE_SUBMAKE=	YES
@@ -35,27 +34,25 @@ INSTALL_TARGET=	install-strip
 SCRIPTS_ENV=	CURDIR2="${.CURDIR}" DISTNAME="${DISTNAME}" MKDIR="${MKDIR}" \
 		POWERDNS_OPTIONS="${POWERDNS_OPTIONS}" \
 		WRKDIRPREFIX="${WRKDIRPREFIX}"
-
 SUB_FILES=	pkg-message
 
-OPTIONS_DEFINE=		DOCS EXAMPLES LUAJIT MYDNS MYSQL OPENDBX OPENLDAP \
-			OPTALGO PGSQL PROTOBUF REMOTE SQLITE3 TINYDNS TOOLS \
-			UNIXODBC
-OPTIONS_DEFAULT=	MYSQL PGSQL SQLITE3
-
-OPTIONS_GROUP=			EXPERIMENTAL REMOTEOPT
-OPTIONS_GROUP_EXPERIMENTAL=	LUABACKEND
+OPTIONS_DEFINE=			DOCS EXAMPLES GEOIP LUABACKEND LUAJIT MYDNS \
+				MYSQL OPENDBX OPENLDAP PGSQL PROTOBUF REMOTE \
+				SQLITE3 TINYDNS TOOLS UNIXODBC
+OPTIONS_DEFAULT=		MYSQL PGSQL SQLITE3
+OPTIONS_GROUP=			GEOIPOPT REMOTEOPT
 OPTIONS_GROUP_REMOTEOPT=	ZEROMQ
 
 OPTIONS_SUB=	yes
 
-LUABACKEND_DESC=	Lua backend
+GEOIPOPT_DESC=		GeoIP DB options
+GEOIP_DESC=		GeoIP backend (GeoIP2 DB)
+LUABACKEND_DESC=	Lua2 backend
 LUAJIT_DESC=		Use LuaJIT instead of Lua
 MYDNS_DESC=		MyDNS backend
 MYSQL_DESC=		MySQL backend
 OPENDBX_DESC=		OpenDBX backend
 OPENLDAP_DESC=		OpenLDAP backend
-OPTALGO_DESC=		Enable optional algorithms (12, 15 & 16)
 PGSQL_DESC=		PostgreSQL backend
 PROTOBUF_DESC=		Protobuf support
 REMOTEOPT_DESC=		Remote backend connectors
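Review bot: `OPTIONS_GROUP` now lists `GEOIPOPT` and a `GEOIPOPT_DESC` is added, but no `OPTIONS_GROUP_GEOIPOPT=` assignment appears next to `OPTIONS_GROUP_REMOTEOPT= ZEROMQ`, and `GEOIP` itself is placed in `OPTIONS_DEFINE`. Unless the group is populated outside this hunk, it is declared empty. Either drop `GEOIPOPT` and `GEOIPOPT_DESC`, or move the option into the group with `OPTIONS_GROUP_GEOIPOPT= GEOIP` and take it out of `OPTIONS_DEFINE`.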
@@ -65,11 +62,15 @@ TINYDNS_DESC=		TinyDNS backend
 TOOLS_DESC=		Build extra tools
 ZEROMQ_DESC=		Enable ZeroMQ connector (Implies REMOTE enabled)
 
-LUABACKEND_VARS=	MODULES+=lua
+GEOIP_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb \
+			libyaml-cpp.so:devel/yaml-cpp
+GEOIP_VARS=		MODULES+=geoip
 
+LUABACKEND_VARS=	MODULES+=lua2
+
 LUAJIT_LIB_DEPENDS=	libluajit-5.1.so.2:lang/luajit
 LUAJIT_USES_OFF=	lua
-LUAJIT_CONFIGURE_WITH=	luajit
+LUAJIT_CONFIGURE_ON=	--with-lua=luajit
 
 MYDNS_USES=		mysql
 MYDNS_CONFIGURE_ON=	--with-mysql=${LOCALBASE}
@@ -87,13 +88,6 @@ OPENLDAP_USE=		OPENLDAP=YES
 OPENLDAP_CXXFLAGS=	-DLDAP_DEPRECATED=1
 OPENLDAP_VARS=		MODULES+=ldap
 
-OPTALGO_LIB_DEPENDS=	libbotan-2.so:security/botan2 \
-			libdecaf.so:security/libdecaf \
-			libsodium.so:security/libsodium
-OPTALGO_CONFIGURE_ON=	--enable-botan \
-			--enable-libdecaf \
-			--enable-libsodium
-
 PGSQL_USES=		pgsql
 PGSQL_CONFIGURE_ON=	--with-pg-config=${LOCALBASE}/bin/pg_config
 PGSQL_VARS=		MODULES+=gpgsql
@@ -120,9 +114,18 @@ ZEROMQ_IMPLIES=		REMOTE
 ZEROMQ_LIB_DEPENDS=	libzmq.so:net/libzmq4
 ZEROMQ_CONFIGURE_ON=	--enable-remotebackend-zeromq
 
+.include <bsd.port.pre.mk>
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200085 && ${SSL_DEFAULT} != openssl111
+CONFIGURE_ARGS+=	--with-libdecaf \
+			--with-libsodium
+LIB_DEPENDS+=		libdecaf.so:security/libdecaf \
+			libsodium.so:security/libsodium
+.endif
+
 post-install::
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
 	@${STAGEDIR}${LOCALBASE}/sbin/pdns_server --module-dir=${STAGEDIR}${LOCALBASE}/lib/pdns --launch="pipe bind ${MODULES}" --config > ${STAGEDIR}${EXAMPLESDIR}/pdns.conf
 	@${REINPLACE_CMD} -e 's;${STAGEDIR};;' -i '' ${STAGEDIR}${EXAMPLESDIR}/pdns.conf
 
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
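Review bot: The new `.if` block adds libdecaf and libsodium only when the host is FreeBSD older than 1200085 and `SSL_DEFAULT` is not `openssl111`, so every other combination links neither library. On a newer FreeBSD with a different `SSL_DEFAULT` (libressl, for instance), that presumably leaves the algorithms the removed OPTALGO knob described as "12, 15 & 16" unavailable, with no build-time indication; this is worth confirming. A comment stating the intent would help, e.g. `# Ed25519/Ed448: link libsodium/libdecaf unless the selected OpenSSL provides them`. The test is probably better keyed on the selected SSL provider than on `OPSYS`/`OSVERSION`.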

Modified: head/dns/powerdns/distinfo
==============================================================================
--- head/dns/powerdns/distinfo	Thu Sep  5 16:15:10 2019	(r511194)
+++ head/dns/powerdns/distinfo	Thu Sep  5 16:51:04 2019	(r511195)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1561114944
-SHA256 (pdns-4.1.10.tar.bz2) = 5a46cfde92caaaa2e85af9a15acb9ad81b56f4c8a8255c457e6938d8c0cb15c7
-SIZE (pdns-4.1.10.tar.bz2) = 1117663
+TIMESTAMP = 1567076172
+SHA256 (pdns-4.2.0.tar.bz2) = 222007f25e25aad71ac7d8b7f1797a4bcb30781e456d74ed00396e53828a903a
+SIZE (pdns-4.2.0.tar.bz2) = 1249282

Added: head/dns/powerdns/files/patch-pdns_dns__random.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/powerdns/files/patch-pdns_dns__random.cc	Thu Sep  5 16:51:04 2019	(r511195)
@@ -0,0 +1,12 @@
+--- pdns/dns_random.cc.orig	2018-11-29 12:53:42 UTC
++++ pdns/dns_random.cc
+@@ -40,7 +40,9 @@
+ #include <openssl/rand.h>
+ #endif
+ #if defined(HAVE_GETRANDOM)
++extern "C" {
+ #include <sys/random.h>
++}
+ #endif
+ 
+ static enum DNS_RNG {
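Review bot: The new patch file gives no reason for wrapping `<sys/random.h>` in `extern "C"` and has no header text saying whether the change was sent upstream. Presumably the system header lacks C linkage guards on some FreeBSD releases, so the `getrandom()` declaration gets C++ linkage; if that is the cause, say so, e.g. `// FreeBSD: <sys/random.h> has no extern "C" guard on some releases`. Because this sits in the DNS RNG selection code, a reader should be able to tell at a glance that the workaround affects linkage only and not which random source is used.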

Modified: head/dns/powerdns/files/pdns.in
==============================================================================
--- head/dns/powerdns/files/pdns.in	Thu Sep  5 16:15:10 2019	(r511194)
+++ head/dns/powerdns/files/pdns.in	Thu Sep  5 16:51:04 2019	(r511195)
@@ -4,7 +4,7 @@
 #
 
 # PROVIDE: pdns_server
-# REQUIRE: DAEMON SERVERS
+# REQUIRE: DAEMON SERVERS mysql postgresql slapd
 # KEYWORD: shutdown
 
 #
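Review bot: The `REQUIRE` line now names `mysql postgresql slapd` unconditionally, although those backends are build options and the database may run on another host. Where one of those rc scripts is not installed, rcorder will likely report the requirement as having no provider at every boot, and start order then depends on services the operator may not use. Consider generating the list from the enabled options through a substitution in `pdns.in`, or keep `# REQUIRE: DAEMON SERVERS` and document the ordering for operators who run a local database. The rc script continues outside this hunk.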

Modified: head/dns/powerdns/files/pkg-message.in
==============================================================================
--- head/dns/powerdns/files/pkg-message.in	Thu Sep  5 16:15:10 2019	(r511194)
+++ head/dns/powerdns/files/pkg-message.in	Thu Sep  5 16:51:04 2019	(r511195)
@@ -15,9 +15,9 @@ EOM
 { type: upgrade
   maximum_versio: 3.4
   message: <<EOM
- ---------------------------------------------
- IMPORTANT: PowerDNS Authoritive Server 3.4.0+:
- ---------------------------------------------
+ -----------------------------------------------
+ IMPORTANT: PowerDNS Authoritative Server 3.4.0+:
+ -----------------------------------------------
  This version needs a mandatory schema change for the gmsyql,
  gpgsql and gsqlite3 backends. SQL statements are available in
  %%DOCSDIR%% or http://doc.powerdns.com
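Review bot: The context line `maximum_versio: 3.4` is still misspelled after this wording fix. The key pkg reads is `maximum_version`, so as written the bound is presumably ignored and the message is not limited to upgrades from 3.4 and earlier. `gmsyql` in the first message line should read `gmysql`, and the `http://doc.powerdns.com` link could move to https as `MASTER_SITES` does in this commit. The entry begins and ends outside the hunk.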

Added: head/dns/powerdns/pkg-install
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/dns/powerdns/pkg-install	Thu Sep  5 16:51:04 2019	(r511195)
@@ -0,0 +1,42 @@
+#! /bin/sh
+
+# $FreeBSD$
+
+PATH=/bin:/usr/bin:/usr/sbin
+
+securitywarning() {
+cat <<EOF
+
+  === IMPORTANT FOR GPGSQL BACKEND USERS! ===
+  The following only impacts anyone using the
+  gpgsql (PostgreSQL) backend:
+
+  An issue has been found in PowerDNS
+  Authoritative Server allowing an authorized
+  user to cause the server to exit by
+  inserting a crafted record in a MASTER type
+  zone under their control. The issue is due
+  to the fact that the Authoritative Server
+  will exit when it tries to store the
+  notified serial in the PostgreSQL database,
+  if this serial cannot be represented in 31
+  bits.
+
+  To fix the issue, run the following command
+  against your PostgreSQL pdns database:
+
+  ALTER TABLE domains ALTER notified_serial
+  TYPE bigint USING CASE WHEN notified_serial
+  >= 0 THEN notified_serial::bigint END;
+
+  No software changes are required.
+  ===========================================
+EOF
+}
+
+case $2 in
+PRE-INSTALL)
+        securitywarning
+        sleep 5
+        ;;
+esac
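Review bot: The CVE-2019-10203 notice is printed from a `PRE-INSTALL` script followed by `sleep 5`, so it appears on every install (fresh or upgrade, whichever backends are built) and is easily lost in unattended or batch installs where script output is not watched. A `type: upgrade` entry in pkg-message.in carrying the same text would be stored with the package and shown again by `pkg info -D`, giving operators a durable record of the required `ALTER TABLE`. If the script stays, quote the argument as `case "$2" in` and drop the sleep. The closing line "No software changes are required" reads oddly beside a version upgrade and could instead say that upgrading alone does not alter an existing schema.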

Modified: head/dns/powerdns/pkg-plist
==============================================================================
--- head/dns/powerdns/pkg-plist	Thu Sep  5 16:15:10 2019	(r511194)
+++ head/dns/powerdns/pkg-plist	Thu Sep  5 16:51:04 2019	(r511195)
@@ -4,8 +4,10 @@ bin/zone2json
 bin/zone2sql
 sbin/pdns_server
 %%PROTOBUF%%bin/dnspcap2protobuf
+%%TOOLS%%bin/calidns
 %%TOOLS%%bin/dnsbulktest
 %%TOOLS%%bin/dnsgram
+%%TOOLS%%bin/dnspcap2calidns
 %%TOOLS%%bin/dnsreplay
 %%TOOLS%%bin/dnsscan
 %%TOOLS%%bin/dnsscope
@@ -21,7 +23,8 @@ sbin/pdns_server
 %%TOOLS%%bin/stubquery
 lib/pdns/libbindbackend.so
 lib/pdns/libpipebackend.so
-%%LUABACKEND%%lib/pdns/libluabackend.so
+%%GEOIP%%lib/pdns/libgeoipbackend.so
+%%LUABACKEND%%lib/pdns/liblua2backend.so
 %%MYDNS%%lib/pdns/libmydnsbackend.so
 %%MYSQL%%lib/pdns/libgmysqlbackend.so
 %%OPENDBX%%lib/pdns/libopendbxbackend.so
@@ -35,6 +38,7 @@ lib/pdns/libpipebackend.so
 %%TOOLS%%man/man1/calidns.1.gz
 %%TOOLS%%man/man1/dnsbulktest.1.gz
 %%TOOLS%%man/man1/dnsgram.1.gz
+%%TOOLS%%man/man1/dnspcap2calidns.1.gz
 %%TOOLS%%man/man1/dnsscan.1.gz
 %%TOOLS%%man/man1/dumresp.1.gz
 %%TOOLS%%man/man1/ixplore.1.gz
@@ -59,6 +63,10 @@ man/man1/zone2sql.1.gz
 %%PORTEXAMPLES%%@dir %%EXAMPLESDIR%%
 %%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.1.0_schema.mysql.sql
 %%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.1.0_schema.pgsql.sql
+%%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.0.0_schema.sqlite3.sql
+%%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/4.0.0_to_4.2.0_schema.sqlite3.sql
+%%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/4.1.0_to_4.2.0_schema.mysql.sql
+%%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/4.1.0_to_4.2.0_schema.pgsql.sql
 %%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.mysql.sql
 %%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.pgsql.sql
 %%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.sqlite3.sql


